Security.

Our world is moving towards a networked and digitalised future at an increasing speed. As a result, threats to our privacy and security are gaining momentum and therefore data protection regulations are becoming more stringent – rightfully so. That’s why we set out to develop a messaging platform that’s 100% confidential, private and secure.

In order to be successful, we need you to feel totally confident using Siilo: Let us explain our relevant security and privacy features.

End-to-end encryption

In case you don’t know: proper ‘end-to-end encryption’ means that information is encrypted with keys, such that outsiders can never get to the information that is sent over the line. Nobody but the professionals involved with a patient is able to access these messages, meaning the content is sent completely confidentially.

Professional and private communication separated

Also, the pictures, videos, and files you send and receive are kept completely separate from your personal photos on your phone. This means that privacy-sensitive pictures of your patients will not end up in services like Apple iCloud, Google Dropbox, or in your family vacation album on your family's iPad. They’re safely stored in the encrypted vault that Siilo has created on your phone. Also, Siilo does not make automated backups of your conversations.

Messages are automatically deleted after 30 days

Older messages will be deleted automatically, unless you’ve consciously decided to save them in the encrypted Siilo vault on your phone. This way, we’re 100% sure that even in the extremely unlikely case of a data breach, as little information as possible is compromised.

Nobody gets in, except you

Siilo prevents others from accessing the data on your phone through mandatory PIN-code access, fingerprint access or facial recognition access. And if your phone gets stolen, you can rely on our remote wipe functionality to get rid of all Siilo data on your phone remotely. You can also be sure that messages are deleted from our European ISO-27001 certified servers as soon as we can.

A web of trust

Online identities are not that hard to spoof. To counter this, we put a lot of effort into making sure that our users and their profiles check out. Every user on the platform goes through our mandatory verification process, which is done manually. You can easily spot a user’s verification status by looking at their avatar and handle accordingly.

Siilo is ISO-27001 certified

Now, holding a certificate or claiming “HIPAA compliance” does not say anything about the actual level of security of an app. However, it is important to realise there are many processes as well as people involved in developing a secure messaging app. All of these processes and people contain potential vulnerabilities. An ISO-27001 certificate tells you that these security risks are managed properly.

Siilo is transparent

This means that if you would like to have access to our code for review and study, that’s possible. You don’t have time to audit our code? Don’t worry, we hire independent security and legal specialists to do this for you and write reports for you to have and forward. You can find these in the resources section of the website.

Anonymising patient information leads to erroneous decisions.

You probably always anonymise the patients’ information on your ‘regular’ social media messenger app, just to be super-secure, right? If your primary concern is to do no harm, please read the scenario below to understand the risks involved with your anonymisation habits:

You work on the surgery ward. During your ward round you come across a patient complaining of chest pain. The attending physician orders an ECG, right before she runs off to the theatres to perform operations the rest of the day.

Consequently, you make the ECG. When studying it, you wonder, but you’re not sure, if you see signs of a myocardial infarction. So you decide to grab your phone and take a picture of the ECG, sending it to the physician through WhatsApp.

For the patient’s privacy, you’ve made it a habit to always carefully photograph the ECG, so that the patient’s name, date of birth and study date are not shown. Coincidentally, there were three other patients you had to do that for this morning, causing you to send the wrong ECG to the physician...

The physician sees nothing abnormal on the ECG she got sent, and notifies you. But in reality, the patient was suffering from a myocardial infarction... This little messaging error leads to the patient ending up in the intensive care unit for weeks, never to reach independence again.

The point is: being able to send non-anonymised patient information through a secure and private medical messaging app will dramatically reduce the risk of sending the wrong picture.